Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2016-10174
Analyzed
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-30 Jan, 2017 | 04:59
Updated At-21 Apr, 2026 | 16:26

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2022-03-252022-04-15NETGEAR WNR2000v5 Router Buffer Overflow VulnerabilityApply updates per vendor instructions.
Date Added: 2022-03-25
Due Date: 2022-04-15
Vulnerability Name: NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
Required Action: Apply updates per vendor instructions.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
NETGEAR, Inc.
netgear
>>d6100_firmware>>-
cpe:2.3:o:netgear:d6100_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d6100>>-
cpe:2.3:h:netgear:d6100:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d7000_firmware>>-
cpe:2.3:o:netgear:d7000_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d7000>>-
cpe:2.3:h:netgear:d7000:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d7800_firmware>>-
cpe:2.3:o:netgear:d7800_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>d7800>>-
cpe:2.3:h:netgear:d7800:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jnr1010v2_firmware>>-
cpe:2.3:o:netgear:jnr1010v2_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jnr1010v2>>-
cpe:2.3:h:netgear:jnr1010v2:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jnr3300_firmware>>-
cpe:2.3:o:netgear:jnr3300_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jnr3300>>-
cpe:2.3:h:netgear:jnr3300:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2010v5_firmware>>-
cpe:2.3:o:netgear:jwnr2010v5_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>jwnr2010v5>>-
cpe:2.3:h:netgear:jwnr2010v5:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r2000_firmware>>-
cpe:2.3:o:netgear:r2000_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r2000>>-
cpe:2.3:h:netgear:r2000:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6100_firmware>>-
cpe:2.3:o:netgear:r6100_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6100>>-
cpe:2.3:h:netgear:r6100:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6220_firmware>>-
cpe:2.3:o:netgear:r6220_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r6220>>-
cpe:2.3:h:netgear:r6220:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7500_firmware>>-
cpe:2.3:o:netgear:r7500_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7500>>-
cpe:2.3:h:netgear:r7500:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7500v2_firmware>>-
cpe:2.3:o:netgear:r7500v2_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7500v2>>-
cpe:2.3:h:netgear:r7500v2:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr3700v4_firmware>>-
cpe:2.3:o:netgear:wndr3700v4_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr3700v4>>-
cpe:2.3:h:netgear:wndr3700v4:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr3800_firmware>>-
cpe:2.3:o:netgear:wndr3800_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr3800>>-
cpe:2.3:h:netgear:wndr3800:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr4300_firmware>>-
cpe:2.3:o:netgear:wndr4300_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr4300>>-
cpe:2.3:h:netgear:wndr4300:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr4300v2_firmware>>-
cpe:2.3:o:netgear:wndr4300v2_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr4300v2>>-
cpe:2.3:h:netgear:wndr4300v2:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr4500v3_firmware>>-
cpe:2.3:o:netgear:wndr4500v3_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr4500v3>>-
cpe:2.3:h:netgear:wndr4500v3:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr4700_firmware>>-
cpe:2.3:o:netgear:wndr4700_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wndr4700>>-
cpe:2.3:h:netgear:wndr4700:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr1000v2_firmware>>-
cpe:2.3:o:netgear:wnr1000v2_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr1000v2>>-
cpe:2.3:h:netgear:wnr1000v2:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr1000v4_firmware>>-
cpe:2.3:o:netgear:wnr1000v4_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr1000v4>>-
cpe:2.3:h:netgear:wnr1000v4:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2000v3_firmware>>-
cpe:2.3:o:netgear:wnr2000v3_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2000v3>>-
cpe:2.3:h:netgear:wnr2000v3:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2000v4_firmware>>-
cpe:2.3:o:netgear:wnr2000v4_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2000v4>>-
cpe:2.3:h:netgear:wnr2000v4:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2000v5_firmware>>-
cpe:2.3:o:netgear:wnr2000v5_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2000v5>>-
cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020_firmware>>-
cpe:2.3:o:netgear:wnr2020_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2020>>-
cpe:2.3:h:netgear:wnr2020:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2050_firmware>>-
cpe:2.3:o:netgear:wnr2050_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2050>>-
cpe:2.3:h:netgear:wnr2050:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2200_firmware>>-
cpe:2.3:o:netgear:wnr2200_firmware:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>wnr2200>>-
cpe:2.3:h:netgear:wnr2200:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Primarynvd@nist.gov
CWE-120Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-120
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-120
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerabilitycve@mitre.org
Vendor Advisory
http://seclists.org/fulldisclosure/2016/Dec/72cve@mitre.org
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/95867cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txtcve@mitre.org
Exploit
Technical Description
Third Party Advisory
https://www.exploit-db.com/exploits/40949/cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41719/cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerabilityaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://seclists.org/fulldisclosure/2016/Dec/72af854a3a-2127-422b-91ae-364da2661108
Exploit
Mailing List
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/95867af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
Technical Description
Third Party Advisory
https://www.exploit-db.com/exploits/40949/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41719/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10174134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2016/Dec/72
Source: cve@mitre.org
Resource:
Exploit
Mailing List
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/95867
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt
Source: cve@mitre.org
Resource:
Exploit
Technical Description
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/40949/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/41719/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://seclists.org/fulldisclosure/2016/Dec/72
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Mailing List
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/95867
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Technical Description
Third Party Advisory
Hyperlink: https://www.exploit-db.com/exploits/40949/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/41719/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10174
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource
Change History
0Changes found
Details not found